<?php

class Security {
	
	function applyFiltersFiltros($value) {
		//$ret = Security::prevenirXSS($value);		
		$ret = Security::preventSqlInjection($ret);
		return $ret;
	}
	
/*	function preventXSS($value) {
		$aux = strip_tags($value);	
		$vXmlReader = new MyXmlReader('webconfig.xml');
		$vEncoding  = $vXmlReader->getValue("charsetDBDestination");
		return htmlentities($aux,  ENT_COMPAT, $vEncoding);
	}*/

	
	/**
	 * Prevent SQL injection attack
	 * @param string $value
	 * @return value with SQL injection
	 */
	function preventSqlInjection($value) {
		if(!get_magic_quotes_gpc())
			$return = addslashes($value);
		else		
			$return = $value;
		return  $return;
	}

	
	function whereForDelete($value) {
		$key = split("&", $value);
		$where = array();
		foreach ($key as $cond) {
			list($nombre, $valor) = split('=', $cond);
			$where[] = "$nombre = '".Security::aplicarFiltros($valor)."'";
		}
		return  $where;
	}
	
}
?>